[radvd/f14] fixes CVE-2011-3602
Jiri Skala
jskala at fedoraproject.org
Mon Oct 10 13:04:11 UTC 2011
commit 89931313cd56ccb4c35cb0d2ce3ef8758eeca87e
Author: Jiri Skala <jskala at redhat.com>
Date: Mon Oct 10 15:04:08 2011 +0200
fixes CVE-2011-3602
radvd-1.8.2-iface.patch | 12 ++++++++++++
radvd.spec | 9 ++++++++-
2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/radvd-1.8.2-iface.patch b/radvd-1.8.2-iface.patch
new file mode 100644
index 0000000..c1ed9d3
--- /dev/null
+++ b/radvd-1.8.2-iface.patch
@@ -0,0 +1,12 @@
+diff -up radvd-1.8.2/device-linux.c.iface radvd-1.8.2/device-linux.c
+--- radvd-1.8.2/device-linux.c.iface 2011-10-10 10:26:47.089760082 +0200
++++ radvd-1.8.2/device-linux.c 2011-10-10 10:27:12.149014098 +0200
+@@ -244,7 +244,7 @@ set_interface_var(const char *iface,
+ return -1;
+
+ /* No path traversal */
+- if (strstr(name, "..") || strchr(name, '/'))
++ if (!iface[0] || !strcmp(iface, ".") || !strcmp(iface, "..") || strchr(iface, '/'))
+ return -1;
+
+ if (access(spath, F_OK) != 0)
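Review bot: The rewritten condition validates only `iface` and silently drops the old test on `name`, so the comment above it should say what is guarded and why, e.g. `/* iface becomes a path component of spath: reject empty, ".", ".." and any '/' */`. The hunk does not show how `spath` is built; if it is formatted from `iface` before this point (the `return -1` just above suggests an earlier length check), moving this validation ahead of that step would mean an unvalidated name is never formatted into a path. It is also worth confirming that `name` is never used to build a path, since nothing checks it any more. set_interface_var starts and ends outside the hunk.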
diff --git a/radvd.spec b/radvd.spec
index 22eda58..c63a52b 100644
--- a/radvd.spec
+++ b/radvd.spec
@@ -5,7 +5,7 @@
Summary: A Router Advertisement daemon
Name: radvd
Version: 1.8.2
-Release: 1%{?dist}
+Release: 2%{?dist}
# The code includes the advertising clause, so it's GPL-incompatible
License: BSD with advertising
Group: System Environment/Daemons
@@ -19,6 +19,8 @@ Requires(pre): /usr/sbin/useradd
BuildRequires: flex, byacc
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1: radvd-1.8.2-iface.patch
+
%description
radvd is the router advertisement daemon for IPv6. It listens to router
solicitations and sends router advertisements as described in "Neighbor
@@ -33,6 +35,8 @@ services.
%prep
%setup -q
+%patch1 -p1 -b .iface
+
%build
export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIE"
export LDFLAGS='-pie -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen'
@@ -92,6 +96,9 @@ exit 0
%{_sbindir}/radvdump
%changelog
+* Mon Oct 10 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-2
+- fixes CVE-2011-3602
+
* Fri Oct 07 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-1
- update to latest upstream version 1.8.2
- this update fixes CVE-2011-360{1..5}